Security Application of Failure Mode and Effect Analysis (FMEA)

  • Conference paper
Computer Safety, Reliability, and Security (SAFECOMP 2014)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 8666)

Abstract

Increasingly complex systems lead to an interweaving of security, safety, availability and reliability concerns. Most dependability analysis techniques do not include security aspects. In order to include security, a holistic risk model for systems is needed. In our novel approach, the basic failure cause, failure mode and failure effect model known from FMEA is used as a template for a vulnerability cause-effect chain, and an FMEA analysis technique extended with security is presented. This represents a unified model for safety and security cause-effect analysis. As an example, the technique is then applied to a distributed industrial measurement system.



Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Schmittner, C., Gruber, T., Puschner, P., Schoitsch, E. (2014). Security Application of Failure Mode and Effect Analysis (FMEA). In: Bondavalli, A., Di Giandomenico, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2014. Lecture Notes in Computer Science, vol 8666. Springer, Cham. https://doi.org/10.1007/978-3-319-10506-2_21

  • DOI: https://doi.org/10.1007/978-3-319-10506-2_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-10505-5

  • Online ISBN: 978-3-319-10506-2
